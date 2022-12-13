Read full article on original website
FireTail, an API Security Company, Raises USD 5 Million
This week, API security startup FireTail announced that it had raised USD 5 million in an early-stage financing round, which was headed by Paladin Capital Group and included General Advance, Secure Octane, Zscaler, and angel investors. The Mclean, Virginia-based company, which was established in 2021, suggests a novel strategy for...
Adobe Patches 38 Flaws in Enterprise Software Products
Adobe resumed its regular Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in numerous enterprise-facing products after missing it last month. The San Jose, California-based software developer warned that the flaws could put users at risk of privilege escalation and code execution attacks on all types of computing platforms. The content management software used by corporate marketing teams, Adobe Experience Manager (AEM), has the most serious flaws. In the AEM Cloud Service (Release 2022.10.0), Adobe claimed to have fixed at least 33 bugs, and it issued a warning about the possibility of serious hacker attacks.
HackerOne’s Paid Bug Bounties Surpass USD 230 Million
Bug bounty platform HackerOne says that in 2022, ethical hackers found and reported more than 65,000 software flaws. The well-known hacker-powered platform has awarded USD 230 million in bug bounties since its inception. It hosts bug bounty programs for both public and private organizations, including government agencies. Over USD 1...
Balbix Declares Industry-First Capabilities to Map Software Vulnerabilities and Endpoint Security Controls to the MITRE ATT&CK Framework
Balbix, the leader in cybersecurity posture automation, announced new platform capabilities to automatically map software vulnerabilities and endpoint security controls to the MITRE ATT&CK Framework. These new capabilities enable organizations to determine their unmitigated cyber risk accurately and better prioritize vulnerabilities for remediation. Security teams can use this information to reduce cyber risk faster and improve how they report risk to senior leadership and the board.
Delinea Presents Developers with Additional Flexibility and Security for Coded Credentials
Delinea, a leading provider of Privileged Access Management (PAM) solutions for seamless security, today announced the newest release of DevOps Secrets Vault, its high-speed vault for DevOps and DevSecOps teams. The latest features include Bring Your Own Key (BYOK), GitHub action integration, and user interface improvements that provide developers with enhanced flexibility and additional credential security controls when connecting application layers across cloud infrastructure.
Critical Challenges of Security Operations Centers (SOCs)
The first layer of protection for the firm is the Security Operations Centers (SOCs) analysts. To protect their company from cyber-attacks, enterprises must properly train their employees and give them the right tools. Cyberattacks is also constantly getting more sophisticated; and the modern CISO is now accepting this reality and...
Balbix Declares Cybersecurity Posture Automation for Microsoft Azure
Balbix, the leader in cybersecurity posture automation, announced its support for Microsoft Azure today. With these new capabilities, Balbix now supports the three top cloud service providers – Microsoft Azure, Amazon Web Services and Google Cloud Platform – as well as traditional environments. Balbix also announced enhanced platform support for the Microsoft ecosystem, including Azure services, Windows, Microsoft Store apps and Azure Active Directory single sign-on.
Core Aspects of Digital Immune Systems
Many cybersecurity experts are exploring opportunities to strengthen their cybersecurity posture by ingraining digital immunity into their business operations. Businesses-critical operations are becoming increasingly dependent on technology. This is especially true in hybrid work environments where success is dependent on providing seamless digital experiences across every device, no matter where employees are based. Irrespective of the immense benefits of hybrid work models and large-scale adoption of the cloud, it has also exposed businesses to various threats and risks. There is a tremendous amount of data generated in the cybersecurity field today. Previously enterprises used to operate on very few insights from their data. Enterprises that want to develop a resilient business network need to have a data-driven defense strategy that acts as a digital immune system that enables them to stay secure from various sophisticated threats.
Living Security Collaborates with GuidePoint Security to Bring Leading Human Risk Management Solutions to a Broader Market
Living Security, the leader in Human Risk Management, today announced a strategic partnership with GuidePoint Security, a leading value-added reseller (VAR) enabling organizations to make smarter cybersecurity decisions and minimize their risk exposure. The collaboration will deliver Living Security’s industry-leading Human Risk Management solutions and security awareness training to even more organizations within GuidePoint Security’s ecosystem.
CISA Warns of Vulnerabilities in Veeam Backup & Replication Used in Attacks
Two vulnerabilities affecting Veeam’s Backup & Replication product have been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) list of known exploited vulnerabilities. On Tuesday, CISA added five vulnerabilities to its database, including ones that affect products from Veeam, Fortinet, Microsoft, and Citrix. The list now...
Action1 Introduces Continuous Patch Compliance with Automated Remediation of Security Vulnerabilities
Action1 Corporation, provider of the #1 cloud-native patch management platform designed for work-from-anywhere organizations, today released the new version of its solution. Updated Action1 helps internal IT departments and managed service providers (MSPs) intelligently automate patching and remediation of security vulnerabilities across their endpoints and monitor patching results in real-time. Consequently, the new version enables organizations to mitigate security and non-compliance risks in response to escalating cyber threats and strengthened regulations by ensuring continuous patch compliance.
Vulcan Cyber and Four Inc. Collaborate to Bring Cyber Risk Management SaaS Platform to the Public Sector
Vulcan Cyber, developers of the cyber risk management platform for infrastructure, application and cloud vulnerabilities, today announced a partnership with Four Inc., a leading federal IT resale, financing, and contracts administration provider. Four Inc. will provide the Vulcan Cyber unified cyber risk and security posture management platform to the public sector through Four Inc.’s NASA Solutions for Enterprise-Wide Procurement (SEWPV), Information Technology Enterprise Solutions-Software 2 (ITES-SW2) contracts and its network of channel partners as part of Four Inc.’s boutique aggregation program. The program offers key elements to support and grow Vulcan Cyber business in the public sector.
Best Practices to Ensure Efficient Cyber Security Compliance Audits
The threats and risks of cybercrime have evolved tremendously, and businesses need to constantly audit their cybersecurity compliance success to evaluate their efficiency. As businesses globally have leveraged different cloud tools throughout all their digital assets, they need to strike a perfect balance between data storage and security while the data is on the cloud and on-premises. According to a recent report by Thales titled “2022 Thales Cloud Security Study,” nearly 43% of the respondents say that their efforts to execute security compliance audit at some points. The report highlights the tremendous scope of cybersecurity opportunities for businesses that have successfully migrated to the cloud. CISOs should design and implement effective cybersecurity audit standards to secure all their assets and comply with governance policies.
Security Companies Alert Microsoft about Signed Drivers Applied to Kill EDR, AV Processes
Several cybersecurity firms have warned Microsoft that cybercriminals have been utilizing signed malicious drivers to terminate antivirus (AV) and endpoint detection and response (EDR) processes. Microsoft released an advisory to inform users about drivers approved by its Windows Hardware Developer Program being used by threat actors in post-exploitation activity, such...
Addressing the Security Risks Associated with Cloud Data
Since cloud storage and computing have made it feasible for every company to transform into an AI-backed, intelligent digital company, businesses will never return to their former data and security postures. Businesses need to modify how they use and store critical data in the cloud in a sensible way. Technology...
SilverSky Raise Standards in MDR Services: with Continual Expert-Led Cyber Range Services
SilverSky, a cybersecurity innovator offering powerful managed detection and response (MDR) services, today announced the expansion of the SilverSky Cyber Range. As part of SilverSky’s current technology offers, its new 24-hour team of cybersecurity experts provides ever-growing and time-sensitive protections not available through most MDR providers. The SilverSky Cyber...
Implementing the Right Risk Assessment Methodology for the Organization
It is crucial to view risk assessment as a positive exercise that advances the goals of the organization and to translate the level of risk into its implications for reputation, operations, or finances. Adequate information security is built upon the risk assessment methodology, and there are many risk methodologies available...
Google Launches Vulnerability Scanner for Open Source Developers
This week, Google unveiled OSV-Scanner, a free scanner that open-source programmers can use to get information on vulnerabilities that are pertinent to their projects. Software projects are more susceptible to supply chain attacks and the exploitation of undiscovered vulnerabilities due to their numerous dependencies. Google last year launched an open source vulnerability database and is now offering a front-end for that database in the form of the OSV-Scanner in an effort to increase the ecosystem’s security by assisting the community in classifying vulnerabilities in open source software.
Wiz Introduces Free Cloud Framework to Drive Community-Backed Security
Wiz, the leading cloud security platform that rapidly enables customers to find and remove critical cloud risks, today announced its newest project, The PEACH framework, a tenant isolation framework for cloud applications. This framework will enable industry-wide collaboration and provide cloud customers and cloud application developers with the necessary guidance to build cloud services securely and prevent critical risks in the implementation process.
New Python-Based Backdoor Intended to Target VMware ESXi Servers
Researchers at the Threat Labs of Juniper Networks have discovered a new Python-based backdoor that targets VMware ESXi virtualization servers. Although the targeted servers were affected by well-known security flaws (like CVE-2019-5544 and CVE-2020-3992) that were probably used for the initial compromise, the researchers were more interested in the backdoor’s ease of use, persistence, and capabilities. To ensure the persistent execution of a Python script at startup, the threat actor modified a total of four files on the target, which the system backs up and restores after a reboot.
